11 changes: 11 additions & 0 deletions writehat/components/FindingsStatusList.py
This component should additionally be able to filter by finding group, like what we do in FindingsList.py. That way we don't always have to show the status of every finding group all the time.

@@ -0,0 +1,11 @@
import logging
from .base import *

log = logging.getLogger(__name__)

class Component(BaseComponent):

default_name = 'Summary of Findings Status'
htmlTemplate = 'componentTemplates/FindingsStatusList.html'
iconType = 'fas fa-th-list'
iconColor = 'var(--orange)'
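Review bot: `Component` has no docstring, so a reader has to open the template to learn what this component renders; I'd add one directly under the class line, e.g. `"""Summary component: lists every finding in each finding group together with its status (rendered by componentTemplates/FindingsStatusList.html)."""`. The module also creates `log = logging.getLogger(__name__)` but nothing in this file uses it, so either drop it or add a short comment saying it is kept for parity with the other component modules, which I can't see from here. `from .base import *` hides where `BaseComponent` comes from; `from .base import BaseComponent` would make that explicit, unless the sibling components rely on the star import for further names.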
11 changes: 11 additions & 0 deletions writehat/lib/finding.py
Expand Up @@ -27,6 +27,17 @@ class BaseDatabaseFinding(WriteHatBaseModel):
background = MarkdownField(max_length=30000, null=True, blank=True)
remediation = MarkdownField(max_length=30000, null=True, blank=True)
references = MarkdownField(max_length=30000, null=True, blank=True)
retest = MarkdownField(max_length=30000, null=True, blank=True)
# status choices
status_choices = (
("Open", "Open"),
("Partially Fixed", "Partially Fixed"),
("Risk Accepted", "Risk Accepted"),
("Fixed", "Fixed"),
("Not Fixed", "Not Fixed"),
("Closed", "Closed"),
)
status = models.CharField(max_length=30, choices=status_choices, default="Open")

# Overridden by child class
scoringType = models.CharField(default='None', max_length=50)
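Review bot: The status vocabulary is now defined twice — `status_choices` on `BaseDatabaseFinding` here and `statusChoices` on `FindingForm` in writehat/lib/findingForm.py — and nothing ties the two tuples together (they already differ in a trailing comma), so a status added to one and not the other is either rejected by the form or never offered for a value the model accepts. The form should read the model's tuple, e.g. `status = forms.ChoiceField(choices=BaseDatabaseFinding.status_choices, label='Status', required=True)`, provided the model module is importable from the form module without an import cycle. A short comment above `status_choices` saying it is the single source of truth for the status values would stop the next contributor from copying it again; `# status choices` currently says only what the code already shows. `class BaseDatabaseFinding` starts above this hunk.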
25 changes: 23 additions & 2 deletions writehat/lib/findingForm.py
Expand Up @@ -29,13 +29,32 @@ class FindingForm(forms.Form):
max_length=30000,
required=False)

retest = forms.CharField(
label='Retest',
widget=forms.Textarea(),
max_length=30000,
required=False)

categoryID = forms.UUIDField(
label='Category',
widget=CategoryBootstrapSelectEngagements(
attrs={'required': 'true'}
),
required=True)

#vulnerability status
statusChoices = (
("Open", "Open"),
("Partially Fixed", "Partially Fixed"),
("Risk Accepted", "Risk Accepted"),
("Fixed", "Fixed"),
("Not Fixed", "Not Fixed"),
("Closed", "Closed")
)
status = forms.ChoiceField(choices=statusChoices,
label='Status',
required=True)

@property
def className(self):

Expand Down Expand Up @@ -420,7 +439,7 @@ def __init__(self, *args, **kwargs):
class CVSSEngagementFindingForm(EngagementFindingForm,CVSSForm):

findingGroup = forms.UUIDField(label='Finding Group',required=True)
field_order = ['name','findingGroup','categoryID','description','affectedResources','background','proofOfConcept','toolsUsed','remediation','references','cvssAV','cvssAC','cvssPR','cvssUI','cvssS','cvssC','cvssI','cvssA','cvssE','cvssRL','cvssRC','cvssCR','cvssIR','cvssAR','cvssMAV','cvssMAC','cvssMPR','cvssMUI','cvssMS','cvssMC','cvssMI','cvssMA',]
field_order = ['name','status','findingGroup','categoryID','description','affectedResources','background','proofOfConcept','retest','toolsUsed','remediation','references','cvssAV','cvssAC','cvssPR','cvssUI','cvssS','cvssC','cvssI','cvssA','cvssE','cvssRL','cvssRC','cvssCR','cvssIR','cvssAR','cvssMAV','cvssMAC','cvssMPR','cvssMUI','cvssMS','cvssMC','cvssMI','cvssMA',]


class DREADEngagementFindingForm(EngagementFindingForm,DREADForm):
Expand Down Expand Up @@ -452,12 +471,14 @@ class DREADEngagementFindingForm(EngagementFindingForm,DREADForm):

field_order = [
'name',
'status',
'findingGroup',
'categoryID',
'description',
'affectedResources',
'dreadImpact',
'background',
'retest',
'remediation',
'references',
'dreadDamage',
Expand All @@ -476,7 +497,7 @@ class DREADEngagementFindingForm(EngagementFindingForm,DREADForm):
class ProactiveEngagementFindingForm(EngagementFindingForm,ProactiveForm):

findingGroup = forms.UUIDField(label='Finding Group',required=True)
field_order = ['name','findingGroup','categoryID','description','affectedResources','background','references']
field_order = ['name','status','findingGroup','categoryID','description','affectedResources','background','retest','references']


class CVSSDatabaseFindingForm(CVSSForm):
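Review bot: `'retest'` lands in a different slot in each `field_order`: between `'proofOfConcept'` and `'toolsUsed'` in `CVSSEngagementFindingForm`, but directly after `'background'` in `DREADEngagementFindingForm` and `ProactiveEngagementFindingForm`, while the finding templates in this PR render the retest block immediately before remediation/references. Unless the CVSS placement is deliberate, I'd use the same relative position everywhere, e.g. in the CVSS list `...,'proofOfConcept','toolsUsed','retest','remediation','references',...`. The `statusChoices` tuple in the first hunk duplicates the model's `status_choices`; see the note on writehat/lib/finding.py. The `__init__` named in the second hunk's header starts outside the hunk.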
10 changes: 10 additions & 0 deletions writehat/static/css/component/FindingsList.css
This css addition is no longer necessary, since this info should now just be put in the HTML template directly.

Expand Up @@ -112,6 +112,16 @@
background-color: var(--stripe-background-color);
}

div.finding div.finding-content > div.status::before { content: "Status" !important; }
div.finding div.finding-content > div.category::before { content: "Category" !important; }
div.finding div.finding-content > div.affected-resources::before { content: "Affected Resources" !important; }
div.finding div.finding-content > div.description::before { content: "Description" !important; }
div.finding div.finding-content > div.background::before { content: "Background" !important; }
div.finding div.finding-content > div.retest::before { content: "Retest" !important; }
div.finding div.finding-content > div.remediation::before { content: "Remediation" !important; }
div.finding div.finding-content > div.references::before { content: "References" !important; }

/* CVSS SPECIFIC */
.finding .finding-content:last-child{
height: 100%;
}
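--- a/writehat/static/css/component/FindingsStatusList.css
+++ b/writehat/static/css/component/FindingsStatusList.css
@@ -0,0 +1,89 @@
+div.finding-group-name {
+padding: .5em;
+margin: .5em;
+font-weight: bold;
+font-size: 1.1em;
+width: 100%;
+text-align: center;
+}
+
+p.findings-status-summary-entry {
+padding: .5rem;
+padding-left: 1rem;
+padding-right: 1rem;
+margin: 0 10rem 2px calc(2rem + 4px);
+position: relative;
+background-color: #BEDDBA;
+}
+
+p.findings-status-summary-entry::before {
+content: '';
+padding: 1rem;
+position: absolute;
+background-color: #7BB274;
+display: inline-block;
+left: calc(-2rem - 2px);
+bottom: 0;
+top: 0;
+}
+
+p.findings-status-summary-entry::after {
+content: attr(finding-status);
+padding: .5rem;
+padding-left: 1rem;
+padding-right: 1rem;
+position: absolute;
+background-color: #BEDDBA;
+display: inline-block;
+left: calc(36.8rem + 2px);
+bottom: 0;
+top: 0;
+color: black;
+font-weight: bold;
+font-size: 16px;
+overflow: hidden;
+white-space: nowrap;
+width: 8rem;
+text-align: center;
+}
+
+p.findings-status-summary-entry a {
+text-decoration: none;
+color: black;
+font-weight: bold;
+font-size: 16px;
+}
+
+p.findings-status-summary-title-entry {
+color: black;
+padding: .5rem;
+padding-left: 1rem;
+padding-right: 1rem;
+margin: 0 10rem 2px calc(2rem + 4px);
+position: relative;
+text-decoration: none;
+color: black;
+font-weight: bold;
+font-size: 16px;
+}
+
+p.findings-status-summary-title-entry::after {
+content: 'Status';
+padding: .5rem;
+padding-left: 1rem;
+padding-right: 1rem;
+position: absolute;
+background-color: #ffffff;
+display: inline-block;
+left: calc(36.8rem + 2px);
+bottom: 0;
+top: 0;
+color: black;
+font-weight: bold;
+font-size: 16px;
+overflow: hidden;
+white-space: nowrap;
+width: 8rem;
+text-align: center;
+}
+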
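Review bot: `p.findings-status-summary-title-entry` declares `color: black;` twice, and its `::after` rule repeats the entry's `::after` rule almost property for property (padding, `left: calc(36.8rem + 2px)`, `width: 8rem`, the font settings), so the status-column offset has to be kept in sync in two places; a shared selector for the common properties with only `content` and `background-color` left in the specific rules removes that. `content: attr(finding-status)` reads a non-standard attribute that the template sets on the `<p>`; `data-finding-status` read with `attr(data-finding-status)` is the conforming spelling and needs the matching one-word change in FindingsStatusList.html. The fixed `left: calc(36.8rem + 2px)` pins the status cell to one page width, which is worth at least a comment on that line so the next person knows where the number comes from.
```css
/* … unchanged: div.finding-group-name, p.findings-status-summary-entry, ::before, a … */
p.findings-status-summary-entry::after,
p.findings-status-summary-title-entry::after {
    padding: .5rem;
    padding-left: 1rem;
    padding-right: 1rem;
    position: absolute;
    display: inline-block;
    left: calc(36.8rem + 2px); /* status column offset; tied to the fixed report width */
    bottom: 0;
    top: 0;
    color: black;
    font-weight: bold;
    font-size: 16px;
    overflow: hidden;
    white-space: nowrap;
    width: 8rem;
    text-align: center;
}

p.findings-status-summary-entry::after {
    content: attr(finding-status);
    background-color: #BEDDBA;
}

p.findings-status-summary-title-entry::after {
    content: 'Status';
    background-color: #ffffff;
}
```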
31 changes: 31 additions & 0 deletions writehat/templates/componentTemplates/CVSSFinding.html
Expand Up @@ -13,6 +13,24 @@
<br />
{{ finding.severity }}
</div>
</div>
{% endif %}
{% if showStatus %}
<div class='finding-content'>
<div class='status' style='font-weight: bold'>
{{ finding.status }}
</div>
</div>
{% endif %}
<div class='finding-content'>
<div class='category' style='font-weight: bold'>
{{ finding.categoryFull }}
</div>
</div>
{% if finding.affectedResources %}
<div class='finding-content'>
<div class='affected-resources'>
{% markdown finding.affectedResources %}
<div class='finding-title'>
{% if showFindingNumbers %}[{{ finding.number }}] {% endif %}{{ finding.name }}
</div>
Expand Down Expand Up @@ -54,6 +72,19 @@
{% markdown finding.description %}
</div>
</div>
</div>
{% endif %}
{% if finding.retest %}
<div class='finding-content'>
<div class='retest'>
{% markdown finding.retest %}
</div>
</div>
{% endif %}
{% if finding.remediation %}
<div class='finding-content'>
<div class='remediation'>
{% markdown finding.remediation %}
{% endif %}
{% if finding.background %}
<div class='finding-content'>
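Review bot: The `showStatus` block (`<div class='finding-content'><div class='status' style='font-weight: bold'>{{ finding.status }}</div></div>`) is pasted identically into CVSSFinding.html, DREADFinding.html and ProactiveFinding.html; the templates already share markup via `{% include 'componentTemplates/Heading.html' ... %}`, so a small partial (e.g. `componentTemplates/FindingStatus.html`, name suggested) included from all three would keep the status markup in one place. The inline `style='font-weight: bold'` on the status and category divs belongs in a class rather than repeated per template. I can't see from the rendered hunk where `showStatus` enters the template context, so a one-line template comment naming the component option that sets it would help the next reader. The same points apply to the DREADFinding.html and ProactiveFinding.html sections.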
28 changes: 28 additions & 0 deletions writehat/templates/componentTemplates/DREADFinding.html
Expand Up @@ -5,6 +5,16 @@
{% include 'componentTemplates/Heading.html' with classes="finding-heading" %}
{% endif %}
</div>
{% if showStatus %}
<div class='finding-content'>
<div class='status' style='font-weight: bold'>
{{ finding.status }}
</div>
</div>
{% endif %}
<div class='finding-content'>
<div class='category' style='font-weight: bold'>
{{ finding.categoryFull }}
<div class="finding-table">
<div class='finding-header'>
<div class='finding-severity background-color-severity'>
Expand Down Expand Up @@ -117,6 +127,24 @@
{% markdown finding.descDiscoverability %}
</div>
</div>
{% endif %}
<div class='finding-content'>
<div class='dread-category bold' category='Score'>(
D:{{ finding.dread.dict.dreadDamage }} +
R:{{ finding.dread.dict.dreadReproducibility }} +
E:{{ finding.dread.dict.dreadExploitability }} +
A:{{ finding.dread.dict.dreadAffectedUsers }} +
D:{{ finding.dread.dict.dreadDiscoverability }}
) / 5 = {{ finding.score }} ({{ finding.severity }}) </div>
</div>
{% if finding.retest %}
<div class='finding-content'>
<div class='retest'>
{% markdown finding.retest %}
</div>
</div>
{% endif %}
{% if finding.remediation %}
{% endif %}
<div class='finding-content'>
<div class='finding-content-header'>
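--- a/writehat/templates/componentTemplates/FindingsStatusList.html
+++ b/writehat/templates/componentTemplates/FindingsStatusList.html
@@ -0,0 +1,24 @@
+<section class="l{{ level }} component {% if pageBreakBefore %} page-break{% endif %}">
+{% include 'componentTemplates/Heading.html' with name=name %}
+
+{% for fgroup in report.ordered_fgroups %}
+
+<!-- Only include the title if there are findings -->
+{% if fgroup.findings %}
+<div class='finding-group-name'>
+{{ fgroup.name }}
+</div>
+<p class="findings-status-summary-title-entry" finding-status-title="Status">
+Finding
+</p>
+{% for finding in fgroup %}
+{% if not report.finding_uuids or finding.id in report.finding_uuids %}
+<p class="findings-status-summary-entry" finding-status="{{ finding.status }}">
+<a href="#finding-{{ finding.id }}">[{{ finding.number }}] {{ finding.name }}</a>
+</p>
+{% endif %}
+{% endfor %}
+
+{% endif %}
+{% endfor %}
+</section>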
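Review bot: The `{% if fgroup.findings %}` guard only checks that the group has findings, but each row is additionally filtered by `report.finding_uuids`, so a group whose findings are all excluded still prints its name and the "Finding"/Status header with no rows beneath; the guard should test the same thing the rows do, most simply by having the component or report expose an already-filtered list per group, since a template cannot easily ask whether any row survived the inner `{% if %}`. The guard reads `fgroup.findings` while the loop iterates `fgroup` directly — if those are not the same sequence the header and the rows can disagree, which I can't confirm from here. The `finding-status-title="Status"` attribute on the title row is never read (the CSS hard-codes `content: 'Status'`) and can be dropped; `finding-status="…"` is a non-standard attribute, and `data-finding-status` is the conforming spelling, with the matching `attr()` change in FindingsStatusList.css.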
28 changes: 28 additions & 0 deletions writehat/templates/componentTemplates/ProactiveFinding.html
@@ -1,4 +1,23 @@
{% load custom_tags %}
<div id="finding-{{ finding.id }}" scoring-type="PROACTIVE" class="finding container" finding-severity="{{ finding.severity }}">
<div class='finding-header'>
<div class='finding-severity background-color-severity'>
{{ finding.severity }}
</div>
<div class='finding-title'>
{% if showFindingNumbers %}[{{ finding.number }}] {% endif %}{{ finding.name }}
</div>
</div>
{% if showStatus %}
<div class='finding-content'>
<div class='status' style='font-weight: bold'>
{{ finding.status }}
</div>
</div>
{% endif %}
<div class='finding-content'>
<div class='category' style='font-weight: bold'>
{{ finding.categoryFull }}
<div id="finding-{{ finding.id }}" scoring-type="PROACTIVE" class="finding" finding-severity="{{ finding.severity }}">
<div>
{% if first %}
Expand Down Expand Up @@ -43,6 +62,15 @@
{% markdown finding.background %}
</div>
</div>
{% endif %}
{% if finding.retest %}
<div class='finding-content'>
<div class='retest'>
{% markdown finding.retest %}
</div>
</div>
{% endif %}
{% if finding.references %}
{% endif %}
{% if finding.references %}
<div class='finding-content'>
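Review bot: The first hunk as rendered shows two opening `<div id="finding-{{ finding.id }}" scoring-type="PROACTIVE" ...>` lines, one with `class="finding container"` and one with `class="finding"`, while the section header reports 0 deletions; if both really are on the new side the template emits two elements with the same id and the `#finding-{{ finding.id }}` anchors from FindingsStatusList.html will only ever reach the first. More likely the second is the old opener whose removal marker was lost in rendering, in which case this is only a request to confirm that a single opener remains after the change. The status block here is the same copy as in CVSSFinding.html; see the note on that file.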